{
  "feature": "[Feature Name] for BOLA and Auth Vulnerabilities",
  "scenario": "[ScenarioID]-[Scenario Name]",
  "steps": [
    "* url 'http://localhost:5000'",
    "* def generateToken = function() { return java.util.UUID.randomUUID().toString() }",
    "* def usernames = ['user1', 'user2', 'user3']",
    "* foreach usernames, function(username){",
    "    * def token = generateToken()",
    "    Given path '/users/v1/' + username + '/password'",
    "    And request { password: 'newPass' }",
    "    When method PUT",
    "    * assert responseStatus == 204 || responseStatus == 403",
    "    * def expected = responseStatus == 204 ? 'Password updated successfully.' : 'Access denied.'",
    "    * match response contains expected",
    "* }"
  ]}

[question]: Write me a security test case using karate DSL scenario for the following API Spec: {"path": "/oauth/refresh", "method": "POST", "responses": {"200": {"description": "Refreshes access token with refresh token and client ID/secret", "content": {}}}, "requestBody": {"description": "field to refresh tokens", "content": {"application/json": {"schema": {"type": "object", "properties": {"refresh_token": {"type": "string"}, "client_id": {"type": "string"}, "client_secret": {"type": "string"}}}}, "required": true}, "parameters": [{"name": "client_id", "in": "query", "description": "Client ID for token refresh", "required": true, "schema": {"type": "string", "example": "clientId123"}}], ["name": "client_secret", "in": "query", "description": "Client secret for token refresh", "required": true, "schema": {"type": "string", "example": "clientSecret456"}}]}

[question]: Write me a security test case using karate DSL scenario for the following API Spec: {"path": "/auth/validate", "method": "GET", "responses": {"200": {"description": "Validates user's session token", "content": {}}}, "requestParams": {"sessionToken": ""}, "required": true}, ["name": "sessionToken", "in": "query", "description": "Session token to validate", "required": true, "schema": {"type": "string", "example": "1234567890"}}]}

[question]: Write me a security test case using karate DSL scenario for the following API Spec: {"path": "/user/profile/image", "method": "POST", "responses": {"200": {"description": "Uploads user profile image", "content": {}}}, "requestBody": {"description": "field to upload profile image", "content": {"multipart/form-data": {"schema": {"type": "object", "properties": {"file": {"type": "file"}, "userId": {"type": "string"}}}}, "required": true}, ["name": "file", "in": "multipart", "description": "Profile image file to upload", "required": true, "schema": {"type": "file"},"example": "path/to/image.jpg"}, ["name": "userId", "in": "query", "description": "User ID of the profile owner", "required": true, "schema": {"type": "string", "example": "user12"}}]}

[question]: Write me a security test case using karate DSL scenario for the following API Spec: {"path": "/admin/reports/generate", "method": "POST", "responses": {"200": {"description": "Generates admin reports", "content": {}}}, "requestBody": {"description": "field to generate reports", "content": {"application/json": {"schema": {"type": "object", "properties": {"reportType": {"type": "string"}, "params": {"type": "object"}}}}, "required": true}, ["name": "reportType", "in": "query", "description": "Type of report to generate", "required": true, "schema": {"type": "string", "example": "financial"}}]}

[question]: Write me a security test case using karate DSL scenario for the following API Spec: {"path": "/user/profile/update", "method